Example 6 with BadRequestException

Use of org.sagebionetworks.bridge.exceptions.BadRequestException in project BridgeServer2 by Sage-Bionetworks.

The class AppConfigElementsController, method deleteElementRevision.

@DeleteMapping("/v3/appconfigs/elements/{id}/revisions/{revision}")
public StatusMessage deleteElementRevision(@PathVariable String id, @PathVariable String revision, @RequestParam(required = false) String physical) {
    UserSession session = getAuthenticatedSession(DEVELOPER);
    Long revisionLong = BridgeUtils.getLongOrDefault(revision, null);
    if (revisionLong == null) {
        throw new BadRequestException("Revision is not a valid revision number");
    }
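    // Permanent deletion requires both physical=true and the ADMIN role; a caller without
    // ADMIN who passes physical=true gets the non-permanent delete instead.
    if ("true".equals(physical) && session.isInRole(ADMIN)) {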
        service.deleteElementRevisionPermanently(session.getAppId(), id, revisionLong);
    } else {
        service.deleteElementRevision(session.getAppId(), id, revisionLong);
    }
    // App config elements are included in the app configs, so allow cache to update
    cacheProvider.removeSetOfCacheKeys(CacheKey.appConfigList(session.getAppId()));
    return new StatusMessage("App config element revision deleted.");
}
Also used : UserSession(org.sagebionetworks.bridge.models.accounts.UserSession) BadRequestException(org.sagebionetworks.bridge.exceptions.BadRequestException) StatusMessage(org.sagebionetworks.bridge.models.StatusMessage) DeleteMapping(org.springframework.web.bind.annotation.DeleteMapping)

Example 7 with BadRequestException

Use of org.sagebionetworks.bridge.exceptions.BadRequestException in project BridgeServer2 by Sage-Bionetworks.

The class AuthenticationController, method signOutV4.

@PostMapping("/v4/auth/signOut")
public StatusMessage signOutV4() {
    final UserSession session = getSessionIfItExists();
    // Always set, even if we eventually decide to return an error code when there's no session
    Cookie cookie = HttpUtil.makeSessionCookie("", 0);
    response().addCookie(cookie);
    response().setHeader(CLEAR_SITE_DATA_HEADER, CLEAR_SITE_DATA_VALUE);
    if (session != null) {
        authenticationService.signOut(session);
    } else {
        throw new BadRequestException("Not signed in");
    }
    return new StatusMessage("Signed out.");
}
Also used : Cookie(javax.servlet.http.Cookie) UserSession(org.sagebionetworks.bridge.models.accounts.UserSession) BadRequestException(org.sagebionetworks.bridge.exceptions.BadRequestException) StatusMessage(org.sagebionetworks.bridge.models.StatusMessage) PostMapping(org.springframework.web.bind.annotation.PostMapping)

Example 8 with BadRequestException

Use of org.sagebionetworks.bridge.exceptions.BadRequestException in project BridgeServer2 by Sage-Bionetworks.

The class ConsentService, method resendConsentAgreement.

/**
 * Resend the participant's signed consent agreement via the user's email address or their phone number.
 * It is an error to call this method if no channel exists to send the consent to the user.
 */
public void resendConsentAgreement(App app, SubpopulationGuid subpopGuid, StudyParticipant participant) {
    checkNotNull(app);
    checkNotNull(subpopGuid);
    checkNotNull(participant);
    ConsentSignature consentSignature = getConsentSignature(app, subpopGuid, participant.getId());
    SharingScope sharingScope = participant.getSharingScope();
    Subpopulation subpop = subpopService.getSubpopulation(app.getIdentifier(), subpopGuid);
    String studyConsentDocument = studyConsentService.getActiveConsent(subpop).getDocumentContent();
    boolean verifiedEmail = (participant.getEmail() != null && Boolean.TRUE.equals(participant.getEmailVerified()));
    boolean verifiedPhone = (participant.getPhone() != null && Boolean.TRUE.equals(participant.getPhoneVerified()));
    ConsentPdf consentPdf = new ConsentPdf(app, participant, consentSignature, sharingScope, studyConsentDocument, xmlTemplateWithSignatureBlock);
    if (verifiedEmail) {
        TemplateRevision revision = templateService.getRevisionForUser(app, EMAIL_SIGNED_CONSENT);
        BasicEmailProvider provider = new BasicEmailProvider.Builder()
                .withApp(app)
                .withParticipant(participant)
                .withTemplateRevision(revision)
                .withBinaryAttachment("consent.pdf", MimeType.PDF, consentPdf.getBytes())
                .withRecipientEmail(participant.getEmail())
                .withType(EmailType.RESEND_CONSENT)
                .build();
        sendMailService.sendEmail(provider);
    } else if (verifiedPhone) {
        sendConsentViaSMS(app, subpop, participant, consentPdf);
    } else {
        throw new BadRequestException("Participant does not have a valid email address or phone number");
    }
}
Also used : SharingScope(org.sagebionetworks.bridge.models.accounts.SharingScope) BasicEmailProvider(org.sagebionetworks.bridge.services.email.BasicEmailProvider) ConsentSignature(org.sagebionetworks.bridge.models.subpopulations.ConsentSignature) Subpopulation(org.sagebionetworks.bridge.models.subpopulations.Subpopulation) BadRequestException(org.sagebionetworks.bridge.exceptions.BadRequestException) TemplateRevision(org.sagebionetworks.bridge.models.templates.TemplateRevision)

Example 9 with BadRequestException

Use of org.sagebionetworks.bridge.exceptions.BadRequestException in project BridgeServer2 by Sage-Bionetworks.

The class AppService, method sendVerifyEmail.

// Helper method to send the email verification email.
private void sendVerifyEmail(App app, AppEmailType type) {
    checkNotNull(app);
    if (type == null) {
        throw new BadRequestException("Email type must be specified");
    }
    // Figure out which email we need to verify from type.
    String email;
    switch(type) {
        case CONSENT_NOTIFICATION:
            email = app.getConsentNotificationEmail();
            break;
        default:
            // Impossible code path, but put it in for future-proofing.
            throw new BadRequestException("Unrecognized email type \"" + type.toString() + "\"");
    }
    if (email == null) {
        throw new BadRequestException("Email not set for app");
    }
    // Generate and save token.
    String token = createTimeLimitedToken();
    saveVerification(token, new VerificationData(app.getIdentifier(), email));
    // Create and send verification email. Users cannot edit this template, so there are no
    // backwards-compatibility issues.
    String appId = BridgeUtils.encodeURIComponent(app.getIdentifier());
    String shortUrl = String.format(VERIFY_APP_EMAIL_URL, BASE_URL, appId, token, type.toString().toLowerCase());
    TemplateRevision revision = TemplateRevision.create();
    revision.setSubject(appEmailVerificationTemplateSubject);
    revision.setDocumentContent(appEmailVerificationTemplate);
    revision.setMimeType(HTML);
    BasicEmailProvider provider = new BasicEmailProvider.Builder()
            .withApp(app)
            .withTemplateRevision(revision)
            .withOverrideSenderEmail(bridgeSupportEmailPlain)
            .withRecipientEmail(email)
            .withToken(STUDY_EMAIL_VERIFICATION_URL, shortUrl)
            .withExpirationPeriod(STUDY_EMAIL_VERIFICATION_EXPIRATION_PERIOD, VERIFY_APP_EMAIL_EXPIRE_IN_SECONDS)
            .withToken(APP_EMAIL_VERIFICATION_URL, shortUrl)
            .withExpirationPeriod(APP_EMAIL_VERIFICATION_EXPIRATION_PERIOD, VERIFY_APP_EMAIL_EXPIRE_IN_SECONDS)
            .withType(EmailType.VERIFY_CONSENT_EMAIL)
            .build();
    sendMailService.sendEmail(provider);
}
Also used : BasicEmailProvider(org.sagebionetworks.bridge.services.email.BasicEmailProvider) BadRequestException(org.sagebionetworks.bridge.exceptions.BadRequestException) TemplateRevision(org.sagebionetworks.bridge.models.templates.TemplateRevision)

Example 10 with BadRequestException

Use of org.sagebionetworks.bridge.exceptions.BadRequestException in project BridgeServer2 by Sage-Bionetworks.

The class AppService, method updateApp.

public App updateApp(App app, boolean isAdminUpdate) {
    checkNotNull(app);
    // These cannot be set through the API and will be null here, so they are set on update
    App originalApp = appDao.getApp(app.getIdentifier());
    checkViolationConstraints(originalApp, app);
    // caller is not an admin.
    if (!isAdminUpdate) {
        // Prevent non-admins from updating a deactivated app.
        if (!originalApp.isActive()) {
            throw new EntityNotFoundException(App.class, "App '" + app.getIdentifier() + "' not found.");
        }
        app.setExporter3Configuration(originalApp.getExporter3Configuration());
        app.setHealthCodeExportEnabled(originalApp.isHealthCodeExportEnabled());
        app.setExternalIdRequiredOnSignup(originalApp.isExternalIdRequiredOnSignup());
        app.setEmailSignInEnabled(originalApp.isEmailSignInEnabled());
        app.setPhoneSignInEnabled(originalApp.isPhoneSignInEnabled());
        app.setReauthenticationEnabled(originalApp.isReauthenticationEnabled());
        app.setAccountLimit(originalApp.getAccountLimit());
        app.setAppIdExcludedInExport(originalApp.isAppIdExcludedInExport());
        app.setVerifyChannelOnSignInEnabled(originalApp.isVerifyChannelOnSignInEnabled());
    }
    // Email verification flag can never be changed.
    app.setEmailVerificationEnabled(originalApp.isEmailVerificationEnabled());
    // Prevent anyone from changing active to false; that should be done by the deactivateApp() method.
    if (originalApp.isActive() && !app.isActive()) {
        throw new BadRequestException("App cannot be deleted through an update.");
    }
    // If the update does not supply a password policy, set it to the default value.
    if (app.getPasswordPolicy() == null) {
        app.setPasswordPolicy(PasswordPolicy.DEFAULT_PASSWORD_POLICY);
    }
    Validate.entityThrowingException(validator, app);
    if (originalApp.isConsentNotificationEmailVerified() == null) {
        // Apps before the introduction of the consentNotificationEmailVerified flag have it set to null. For
        // backwards compatibility, treat this as "true". If these aren't actually verified, we'll handle it on a
        // case-by-case basis.
        app.setConsentNotificationEmailVerified(true);
    } else if (!originalApp.isConsentNotificationEmailVerified()) {
        // You can't use the updateApp() API to set consentNotificationEmailVerified from false to true.
        app.setConsentNotificationEmailVerified(false);
    }
    // This needs to happen before the app is updated.
    boolean consentHasChanged = !Objects.equals(originalApp.getConsentNotificationEmail(), app.getConsentNotificationEmail());
    if (consentHasChanged) {
        app.setConsentNotificationEmailVerified(false);
    }
    // No one can delete or modify upload metadata fields. Check this after validation, so we don't have to
    // deal with duplicates.
    // Anyone (admin or developer) can add or re-order fields.
    checkUploadMetadataConstraints(originalApp, app);
    App updatedApp = updateAndCacheApp(app);
    if (!originalApp.getSupportEmail().equals(app.getSupportEmail())) {
        emailVerificationService.verifyEmailAddress(app.getSupportEmail());
    }
    if (consentHasChanged && app.getConsentNotificationEmail() != null) {
        sendVerifyEmail(app, AppEmailType.CONSENT_NOTIFICATION);
    }
    return updatedApp;
}
Also used : App(org.sagebionetworks.bridge.models.apps.App) BadRequestException(org.sagebionetworks.bridge.exceptions.BadRequestException) EntityNotFoundException(org.sagebionetworks.bridge.exceptions.EntityNotFoundException)
